Providers of operating systems, widely used applications, or specialized complex software packages, etc. often frequently release updates or fixes upon discovering problems such as potentially serious programming mistakes, security deficiencies, and other issues. For example, the vendor of an operating system may discover that a certain version of the operating system does not properly handle a particular event, or that a certain communication port may not be protected from unauthorized access. Rather than preparing a new release of the operating system that may span tens of thousands of files, the vendor typically prepares one or several objects such as dynamic-link libraries (DLLs) to replace or complement objects in the released version of the operating system. Similarly, a provider of a software solution, implemented as an application on a standard operating system, for example, may sometimes discover an issue only after the software solution has been released to one or several customers, and accordingly may wish to release a patch directly to the customers. The ever-increasing complexity of operating systems and specialized software solutions ensures that the number of updates required in a typical environment remains high.
Moreover, threats of electronic attacks have necessitated periodic updates of antivirus databases. These databases, as is generally known, often store data patterns which antivirus software may detect in network traffic and flag packets or frames carrying such patterns. Because new forms of malware (e.g., viruses, worms, trojan horses, spyware) are generated almost daily, antivirus databases require frequent updates for the corresponding antivirus software to remain effective. Further, as more and more hosts communicate over the Internet, the importance of cyber protection continues to increase.
In short, many software manufacturers today require or at least recommend regular updates to software products already released to customers. To simplify the process of delivering and installing such updates, some software manufacturers provide so-called Commercial Off-The-Shelf (COTS) deployment applications. For example, Microsoft Corporation has developed a Windows™ Server Update Service (WSUS). Generally speaking, WSUS includes a downloadable client component that runs on a host in a local network, contacts an external server component to receive updates, and installs updates received from the server component on multiple computers running a version of the Windows operating system. In this manner, WSUS eliminates the necessity to separately install updates on each individual computer.
Whereas users of personal computers can safely obtain updates directly from dedicated websites maintained by providers of the corresponding software (e.g., using the Windows Update application), corporations and other organizations that support relatively large local area networks typically roll out updates via one or several intermediate servers. Network administrators sometimes may wish to review the lists of available updates, determine when the available updates should be installed, and distribute the selected updates to hosts within the local network. Moreover, WSUS supports parent/child topologies so that a WSUS host on the corporate network, in the role of a parent, can receive one or several updates and provide these updates to one or several child WSUS hosts for subsequent distribution to user workstations.
Approval by network administrators is particularly relevant for those organizations or parts of organizations that run specialized software systems sensitive to changes in the operating system environment. The effect of updates on specific systems and applications running on hosts is frequently unknown. For example, a security update may adversely affect a communication channel or port used by the software system. Thus, in many cases, the manufacturer of the software system is better positioned to approve or reject an operating system update.
One example of such complex software system is a Windows-based DeltaV™ control system, sold by Emerson™ Process Management. Generally speaking, DeltaV is a digital automation system for managing and controlling industrial processes. As is generally known, many modern industrial processes are instrumented with controllers and various devices that automatically perform physical functions in a field according to a certain control strategy. Many control strategies are highly complex, and teams of engineers, operators, and technicians require comprehensive software solutions such as DeltaV to manage process plants that implement such control strategies. Today, plant operators in such diverse industries as life sciences, biotechnologies, petroleum, gas, chemicals, pulp and paper, and food and beverage run DeltaV in numerous process plants.
DeltaV includes multiple applications stored within and executed by different hosts such as workstations located at diverse places within a process plant. If desired, DeltaV applications also may be networked across several facilities or process control plants. For example, a configuration application, which resides in one or more operator workstations, enables users to create or change process control modules and download these process control modules via a data highway to dedicated distributed controllers. As another example, viewing applications, which may be run on one or more operator workstations, receive data from a controller application via a data highway and display this data to process control system designers, operators, or users using the user interfaces.
Because a process control system such as DeltaV may be compatible with a standard operating system (OS) such as Windows, for example, it may be appropriate to install some of the OS updates on workstations running the process control system. However, some of the other OS updates may be unnecessary for proper operation of the process control system, while yet others are potentially harmful to the process control system. Further, the antivirus updates may similarly fall into several categories according to the requirements of the process control system. Still further, the manufacturer may sometimes wish to update the process control system workstations at a plant operator site. For these and other reasons, hosts running the process control system may require a very specific combination of software updates. However, COTS applications such as WSUS are not set up for deployment of updates to specialized software applications such as process control systems. With respect to OS updates, operators of process control systems at best can use a COTS application with manual approval or rejection of updates.
Moreover, because process control system workstations typically define only a portion of a larger network of a plant operator, the updates suitable for such workstations may not be the same as the updates installed on hosts operating in the plant operator's network but unrelated to the process control system. Network administrators thus may be required to keep track of different requirements for different hosts in the local network even though each host has the same version of the operating system. In other organizations, a process control system operator may be responsible for network administration of the process control network that includes dedicated workstations, while corporate network administrators may be responsible for other portions of the network. However, this division of responsibilities may not be practical. For example, WSUS updates to process control system workstations typically proceed through a WSUS host in the corporate network. The WSUS host may notify a corporate network administrator that certain hosts (i.e., process control system workstations) have not been properly upgraded, and process control system operators subsequently may have to explain why some of the upgrades have been omitted in the process control network.
These and other factors lead to loss of productivity, lack of clarity, and increased complexity of network administration. As a more trivial matter, corporate or local network administrators may make mistakes in selecting or applying software updates, or may not always treat software updates as a high priority task. As a result, many important updates remain uninstalled for long periods of time. Meanwhile, process control systems remain exposed to threats to security or system integrity, as is often the case with updates that fix system crashes. As operators move away from proprietary technology to more open and interoperable standards and systems, the threat of cyber attacks in the process control industry becomes more relevant. Further, in many cases, updates unrelated to security threats are equally important inasmuch as such updates address issues related to system stability and reliability.